Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2005-3299

Disclosure Date: October 23, 2005
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

nmap —script exploit 164.100.94.186
Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd :
| <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 16035532474987810818<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

General Information

Exploited in the Wild

Reported by:
Technical Analysis